Patch Tuesday: HTTP Strict Transport for Windows 8.1 and Windows 7

Patch Tuesday: HTTP Strict Transport for Windows 8.1 and Windows 7

In February of this year, Microsoft delivered HTTP Strict Transport Security (HSTS) to Windows Insiders as part of the Windows 10 beta program. This month the company is rolling it out to Windows 8.1 and Windows 7 users through the Cumulative Security Update for Internet Explorer (3058515).

HSTS is based on a proposed Internet standards document provided by the Internet Engineering Task Force (IETF). You can find the boring details here: Request for Comments: 6797.

Per the proposed standard:

 

This specification defines a mechanism enabling web sites to declare themselves accessible only via secure connections and/or for users to be able to direct their user agent(s) to interact with given sites only over secure connections.

 

At its core, HSTS is a security feature for web sites that that tells web browsers that the client should only communicate over HTTPS. The idea is that if you connect to the Internet over an unsecure connection (say, an unqualified access point in an airport) and you want to visit your bank's web site to perform personal transactions, the bank's web site will force HTTPS, helping to protect the data stream. It's like having a stream within a stream, one unsecure and one secure, to ensure hackers can't get access to important information.

More information: Microsoft Edge Dev Blog

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish